Diffstat (limited to 'roles/vaultwarden/vars/main.yml')
-rw-r--r--roles/vaultwarden/vars/main.yml54
1 files changed, 54 insertions, 0 deletions
diff --git a/roles/vaultwarden/vars/main.yml b/roles/vaultwarden/vars/main.yml
new file mode 100644
index 0000000..5c232ad
--- /dev/null
+++ b/roles/vaultwarden/vars/main.yml
@@ -0,0 +1,54 @@
+vaultwarden_packages:
+ - mariadb-connector-c
+ - libpq
+ - libpq-devel
+ - openssl-devel
+ - git
+ - npm
+ - nodejs
+ - gcc
+
+vaultwarden_home: /opt/vaultwarden
+
+vaultwarden_git_repo: https://github.com/dani-garcia/vaultwarden
+vaultwarden_source_dir: '{{ vaultwarden_home }}/vaultwarden'
+
+vaultwarden_web_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ vaultwarden_web_version }}/bw_web_v{{ vaultwarden_web_version }}.tar.gz
+vaultwarden_web_dir: '{{ vaultwarden_home }}/web-vault'
+
+vaultwarden_data_dir: /var/lib/vaultwarden
+vaultwarden_keytab: /var/lib/gssproxy/clients/{{ vaultwarden_user }}.keytab
+
+vaultwarden_admin_hbac_hostgroup: bitwarden_servers
+vaultwarden_admin_hbac_service: bitwarden-admin
+
+vaultwarden_apache_config: |
+ {{ apache_proxy_config }}
+ <Location />
+ ProxyPass http://127.0.0.1:{{ vaultwarden_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
+ </Location>
+
+ <Location /notifications/hub>
+ ProxyPass http://127.0.0.1:{{ vaultwarden_websocket_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_websocket_port }}/
+
+ RewriteEngine on
+ RewriteCond %{HTTP:Upgrade} websocket [NC]
+ RewriteCond %{HTTP:Connection} upgrade [NC]
+ RewriteRule ^/?(.*) "ws://127.0.0.1:{{ vaultwarden_websocket_port }}/$1" [P,L]
+ </Location>
+
+ <Location /notifications/hub/negotiate>
+ ProxyPass http://127.0.0.1:{{ vaultwarden_port }}/
+ ProxyPassReverse http://127.0.0.1:{{ vaultwarden_port }}/
+ </Location>
+
+ <Location /admin>
+ AuthType GSSAPI
+ AuthName "FreeIPA Single Sign-On"
+ GssapiLocalName On
+ {{ apache_gssapi_session_config }}
+ {{ apache_ldap_config }}
+ Require ldap-attribute memberof=cn={{ vaultwarden_admin_group }},{{ freeipa_group_basedn }}
+ </Location>
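Review bot: `vaultwarden_web_url` pins the web-vault tarball by version only, and this vars file defines nothing the download can be verified against, so whatever that release URL serves is unpacked into `vaultwarden_web_dir` and delivered to every user of the password manager. Consider adding a `vaultwarden_web_checksum` variable alongside `vaultwarden_web_version` and passing it to the fetch task, e.g. `checksum: 'sha256:{{ vaultwarden_web_checksum }}'` on `get_url`. The task that consumes the URL is not part of this file, so verification may already happen there. The same concern applies to `vaultwarden_git_repo`: the build should check out a pinned tag or commit rather than the default branch, and no such version variable is visible here.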